Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said….
Millions of AT&T customers can now file claims in a $177 million legal settlement related to two data breaches, which could provide up to $7,500 in compensation per person. The first data breach, announced in March 2024, affected 73 million current and former AT&T account holders whose information — including birth dates and Social Security numbers —…
French fashion house Chanel has been hit by a data breach following a sustained series of attacks targeting Salesforce users. The data breach was discovered on July 25 after unauthorized third parties gained access to a Chanel database managed by an external service provider. Only customers in the United States have been affected. The exposed…
The app “Tea,” designed for women to anonymously post comments about men they have dated, has suffered a data breach, leaking tens of thousands of user images in what appears to be a targeted effort by another online platform.The company behind Tea reported that 72,000 images were leaked online, including 13,000 selfies or forms of…
Washington — Department of Homeland Security headquarters, several of its component agencies and the Department of Health and Human Services have been hacked as part of a wider breach of Microsoft’s SharePoint service, according to multiple U.S. officials. Microsoft confirmed its software was targeted by Chinese actors who deployed ransomware on the file sharing and…
Hong Kong witnessed three data breaches targeting local flag carrier Cathay Pacific Airways, Louis Vuitton and the public postal service in the space of several days, sparking fresh concerns about cybersecurity in the city. As digital threats evolve, the Post talks to experts about what went wrong, what consumers should watch out for and how…
The privacy watchdog has launched an investigation after Louis Vuitton Hong Kong suffered a data breach that compromised the personal information of about 419,000 customers in the city. The Office of the Privacy Commissioner for Personal Data said on Saturday that Louis Vuitton Hong Kong had notified it of the breach on Thursday. According to…